@jjstecchino:

Thank you for doing this. Is the end still near?

Yes it is!  I have one last small file to finish and then I will package everything into the new pkg-ng format used in pfSense 2.3.  Converting two of the tabs (PREPROCESSORS and RULES) took me a very long time to finish.  Just finished RULES tonight.  I finished PREPROCESSORS about 2 days ago.

Bill

I hope it can still be improved, because it looks a bit silly to me using latest stable Firefox and Chrome.

Current
Chrome http://i.imgur.com/GShrqSa.png
Firefox http://i.imgur.com/b8QRFSu.png

Fixed:
Chrome http://i.imgur.com/YCeiT53.png
Firefox  http://i.imgur.com/Ph3UgPX.png

You're welcome.  I'm surprised this had never been reported before now.  It's the same code as in 2.2.x.  Been the same for quite some time.

i tried searching but couldnt find any ACS client tool for windows which i could use to find the VLAN id of the pppoe connection incase if it changes rather than having to plug the isp router everytime to figure it out, let me know if u know any such tool, then i could just reflash the isp router with the universal firmware and use it for other things and directly plug the cable to my PC to get provisioned from the server to get the new VLAN id

Thanks! The patch on the ticket fixes it for me.

Have you considered or tried installing on a USB flash drive?

Possible but unlikely – I've never seen that happen to an em, only re and lagg-based setups.

Also I've only seen that where the WAN bandwidth was set >100M

Likely was you, maybe a stray tab and key press that switched the box to 1. Look under Diag>Backup/restore, Config history tab. You'll see where it changed.

After the most recent commit here this looks OK again. It doesn't appear to be in a snapshot yet but if you update and then gitsync you'll get it

Awesome! .. Thank u!

Thanks NOYB!

Bill

It's working fine here. Was it working before and then stopped? What RADIUS server are you using? Anything in the RADIUS server log?

The error you show is not what would normally be seen for a bad password, but looks more like EAP itself is failing between strongSwan and your RADIUS server.

Here's a couple quick examples from my logs:

Bad password: Feb 25 08:06:12 charon 05[IKE] <con2|2>received EAP identity 'jimp' Feb 25 08:06:12 charon 05[CFG] <con2|2>RADIUS server 'radauth' is candidate: 210 Feb 25 08:06:12 charon 05[CFG] <con2|2>sending RADIUS Access-Request to server 'radauth' Feb 25 08:06:12 charon 05[CFG] <con2|2>received RADIUS Access-Challenge from server 'radauth' Feb 25 08:06:12 charon 05[IKE] <con2|2>initiating EAP_MSCHAPV2 method (id 0x01) Feb 25 08:06:12 charon 10[CFG] <con2|2>sending RADIUS Access-Request to server 'radauth' Feb 25 08:06:13 charon 10[CFG] <con2|2>received RADIUS Access-Reject from server 'radauth' Feb 25 08:06:13 charon 10[IKE] <con2|2>RADIUS authentication of 'jimp' failed Feb 25 08:06:13 charon 10[IKE] <con2|2>EAP method EAP_MSCHAPV2 failed for peer 10.6.0.101</con2|2></con2|2></con2|2></con2|2></con2|2></con2|2></con2|2></con2|2></con2|2> Good password: Feb 25 08:06:32 charon 16[IKE] <con2|3>received EAP identity 'jimp' Feb 25 08:06:32 charon 16[CFG] <con2|3>RADIUS server 'radauth' is candidate: 210 Feb 25 08:06:32 charon 16[CFG] <con2|3>sending RADIUS Access-Request to server 'radauth' Feb 25 08:06:32 charon 16[CFG] <con2|3>received RADIUS Access-Challenge from server 'radauth' Feb 25 08:06:32 charon 16[IKE] <con2|3>initiating EAP_MSCHAPV2 method (id 0x01) Feb 25 08:06:32 charon 10[CFG] <con2|3>sending RADIUS Access-Request to server 'radauth' Feb 25 08:06:32 charon 10[CFG] <con2|3>received RADIUS Access-Challenge from server 'radauth' Feb 25 08:06:32 charon 16[CFG] <con2|3>sending RADIUS Access-Request to server 'radauth' Feb 25 08:06:32 charon 16[CFG] <con2|3>received RADIUS Access-Accept from server 'radauth' Feb 25 08:06:32 charon 16[IKE] <con2|3>RADIUS authentication of 'jimp' successful Feb 25 08:06:32 charon 16[IKE] <con2|3>EAP method EAP_MSCHAPV2 succeeded, MSK established Feb 25 08:06:32 charon 06[IKE] <con2|3>authentication of '10.6.0.101' with EAP successful Feb 25 08:06:32 charon 06[IKE] <con2|3>authentication of 'shona.dw.example.com' (myself) with EAP Feb 25 08:06:32 charon 06[IKE] <con2|3>IKE_SA con2[3] established between 198.51.100.7[shona.dw.example.com]...198.51.100.6[10.6.0.101]</con2|3></con2|3></con2|3></con2|3></con2|3></con2|3></con2|3></con2|3></con2|3></con2|3></con2|3></con2|3></con2|3></con2|3>

In my IPsec log settings (VPN > IPsec, Settings tab) I have "IKE SA" and "IKE Child SA" set to Control and "Configuration Backend" set to Diag, which is why it's a bit chatty there.

Merged/tested. Thank you.

Success!!

Oddly enough, I forgot to install grub4dos bootloader, but it looks like the BIOS doesn't need the first partition to be active or even to be used, it only needs to be present. On bootup, pfSense bootloader shows

F1 Win
F2 pfSense

and F2 is already selected, and autoboots.

The only issue I'm having at the moment, is that the installer failed to create the Swap partition - err, sorry - Swap "slice". I'm more accustomed to Linux way of doing things - they don't use slices.

Back on topic, How do I manually create the swap slice? I only have 1 GB of RAM.

@JorgeOliveira:

Hello,

Have you tried going to:
System > Routing > Gateways > WAN_DHCP6 (default) > Edit (pencil icon) > Advanced Options

Then check "Use non-local gateway through interface specific route." and save.

Of course I did. I was told to do in one of the responses to my original posting https://forum.pfsense.org/index.php?topic=106392.0 and upgraded to latest BETA specifically for this purpose.

arrrrrhhhgggsome! thank you!!

Thanks. A new version of the Suricata package is in preparation. It will have the new GUI of course, and will address this issue.